In Part One, we covered some important security configuration checklists relating to AWS objects such as S3, IAM and CloudTrail. In this installment, we will continue exploring configurations of other AWS objects.

AWS Virtual Private Cloud (VPC)

AWS VPC provides an isolated network within the AWS cloud. It’s like an extension of the organization’s network, connected over a VPN. VPC helps control the configuration of gateways, routers and so forth, and provides an additional layer of security for organizations moving towards use of the AWS cloud. Following is a security monitoring checklist for every security team that monitors VPC:

Security Monitoring Checklist

Monitoring of AWS VPC to ensure that no network ACL exists which allows ingress traffic from all ports

Monitoring of AWS VPC to ensure that no network ACL exists which allows egress traffic to all ports

Monitoring of AWS VPC to find unused virtual private gateways

Monitoring of AWS VPC to find if any VPC endpoint is exposed, by checking the principal value in its policy

Monitoring of AWS VPC to find out if flow logs have been enabled or not
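The network ACL and endpoint-policy items above can be evaluated directly on the JSON that `aws ec2 describe-network-acls` and `aws ec2 describe-vpc-endpoints` return. The following is an added example, not code from the original article; the function names and the sample records are constructed for illustration.

```python
import json

def all_port_acl_entries(network_acls):
    """Return (acl_id, direction, rule_number, cidr) for allow entries covering every port."""
    findings = []
    for acl in network_acls:
        for e in acl.get("Entries", []):
            if e.get("RuleAction") != "allow":
                continue
            ports = e.get("PortRange") or {}
            # Protocol "-1" means all protocols; otherwise look for a full port range.
            every_port = e.get("Protocol") == "-1" or (
                ports.get("From", 1) <= 1 and ports.get("To", 0) >= 65535)
            if every_port:
                direction = "egress" if e.get("Egress") else "ingress"
                cidr = e.get("CidrBlock") or e.get("Ipv6CidrBlock")
                findings.append((acl["NetworkAclId"], direction, e["RuleNumber"], cidr))
    return findings

def endpoint_allows_any_principal(policy_document):
    """True if an Allow statement has Principal "*" (or {"AWS": "*"}) and no Condition."""
    policy = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for s in statements:
        principal = s.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            return True
    return False

# Constructed sample records in the shape of the API output (not from a real account).
SAMPLE_ACLS = [
    {"NetworkAclId": "acl-0aaa", "Entries": [
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"}]},
    {"NetworkAclId": "acl-0bbb", "Entries": [
        {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow", "Egress": False,
         "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 443, "To": 443}},
        {"RuleNumber": 120, "Protocol": "6", "RuleAction": "allow", "Egress": True,
         "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 0, "To": 65535}}]},
]
OPEN_POLICY = '{"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]}'
SCOPED_POLICY = {"Statement": {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*",
                               "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}}

if __name__ == "__main__":
    print(all_port_acl_entries(SAMPLE_ACLS))
    print(endpoint_allows_any_principal(OPEN_POLICY), endpoint_allows_any_principal(SCOPED_POLICY))
```

Network ACL rules are evaluated in rule-number order, so a flagged allow entry should be read together with any lower-numbered deny entries in the same ACL.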

AWS Elastic Cloud Compute (EC2)

AWS EC2 is a unit which can be provisioned on demand and can be scaled up or down as per requirement. Following is the EC2 checklist for security monitoring:

Security Monitoring Checklist

Monitoring of AWS EC2 to ensure they are not using any blacklisted AMIs

Monitoring of AWS EC2 to ensure they are not using a default security group

Monitoring of AWS EC2 to ensure that there is no security group with unrestricted outbound access

Monitoring of AWS EC2 to ensure that there is no unrestricted inbound access to the following services:

FTP

MSSQL

MySQL

MongoDB

SMTP

Telnet

SSH

NetBIOS access

(And so on)

Monitoring of AWS EC2 to ensure that unused EC2 keypairs are decommissioned
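The inbound and outbound security group items above can be checked against the output of `aws ec2 describe-security-groups`. The following is an added example, not code from the original article; the port table uses the well-known default ports for the listed services, and the function names and sample groups are constructed for illustration.

```python
# Default ports for the services named in the checklist (extend as needed).
SERVICE_PORTS = {"FTP": [20, 21], "MSSQL": [1433], "MySQL": [3306], "MongoDB": [27017],
                 "SMTP": [25], "Telnet": [23], "SSH": [22], "NetBIOS": [137, 138, 139]}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def is_open(perm):
    """True if the rule applies to any IPv4 or IPv6 address."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(c in OPEN_CIDRS for c in cidrs)

def exposed_services(perm):
    """Names of checklist services whose port falls inside the rule's port range."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return sorted(SERVICE_PORTS)
    if proto not in ("tcp", "udp", "6", "17"):
        return []                          # e.g. ICMP: FromPort/ToPort are not ports
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return sorted(n for n, ports in SERVICE_PORTS.items() if any(lo <= p <= hi for p in ports))

def audit_security_groups(groups):
    """Return (group_id, direction, detail) findings for world-open rules."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            if is_open(perm):
                findings += [(g["GroupId"], "inbound", svc) for svc in exposed_services(perm)]
        egress = g.get("IpPermissionsEgress", [])
        if any(is_open(p) and p.get("IpProtocol") == "-1" for p in egress):
            findings.append((g["GroupId"], "outbound", "all traffic"))
    return findings

# Constructed sample groups in the shape of the API output (not from a real account).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
     "IpPermissionsEgress": []},
]

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS):
        print(finding)
```

A port range such as 20-25 exposes several services at once, which is why the check tests each service port against the range instead of comparing `FromPort` alone.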

AWS Elastic Load Balancer (ELB)

AWS ELB is a service that balances the incoming load among backend EC2 instances. It’s like a normal load balancer in a traditional IT organization. Following is the checklist for ELB security monitoring:

Security Monitoring Checklist

Monitoring of AWS ELB to ensure that no insecure protocols or ciphers are deployed. This is generally decided by the organization per their current compatibility and security standards, which should be followed by best practices such as server order preference

Monitoring of AWS ELB to ensure that it has a valid Security Group associated with it

Monitoring of AWS ELB to ensure that it has the latest security policies deployed

AWS Elastic Block Storage (EBS)

AWS EBS is a service that provides block-level storage attached to EC2. These EBS volumes work independently. Following is the checklist for EBS security monitoring:

Security Monitoring Checklist

Monitoring of AWS EBS to ensure that it is encrypted

Monitoring of AWS EBS to ensure that it is encrypted with KMS CMKs, in order to have full control over keys

Monitoring of AWS EBS to ensure that the EBS snapshots are not publicly available

Monitoring of AWS EBS to ensure that the EBS snapshot is also encrypted

AWS Relational Database Service (RDS)

AWS RDS is a service that allows you to quickly provision, operationalize and scale relational databases. Following is the checklist for RDS security monitoring:

Security Monitoring Checklist

Monitoring of AWS RDS to ensure that the DB security groups do not allow unrestricted inbound access. It should be noted that DB security groups were possible for EC2 classic instances before 04/12/2013. After that date, only EC2-VPC instances are supported, which in turn use VPC security groups

Monitoring of AWS RDS to ensure that the Auto Minor version feature is enabled

Monitoring of AWS RDS to ensure that the RDS instances are encrypted

Monitoring of AWS RDS to ensure that RDS instances are encrypted using KMS CMKs, in order to have full control

Monitoring of AWS RDS to ensure that the RDS instances are not publicly accessible

Monitoring of AWS RDS to ensure that RDS snapshots are not publicly accessible

Monitoring of AWS RDS to ensure that RDS snapshots are encrypted
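The instance and snapshot items above map onto fields returned by `aws rds describe-db-instances` and `aws rds describe-db-snapshot-attributes`; telling a customer-managed key from an AWS managed one needs the `KeyManager` value from `aws kms describe-key`. The following is an added example, not code from the original article; the function names, key ARNs and sample records are constructed for illustration.

```python
def audit_rds_instance(db, key_managers):
    """Return the checklist items that one describe-db-instances record fails.

    key_managers maps a KMS key ARN to the KeyManager value reported by
    kms describe-key ("CUSTOMER" for a customer-managed key, "AWS" otherwise).
    """
    failed = []
    if db.get("PubliclyAccessible"):
        failed.append("publicly accessible")
    if not db.get("AutoMinorVersionUpgrade"):
        failed.append("auto minor version upgrade disabled")
    if not db.get("StorageEncrypted"):
        failed.append("not encrypted")
    elif key_managers.get(db.get("KmsKeyId")) != "CUSTOMER":
        # Encrypted, but the key is AWS managed or could not be resolved.
        failed.append("encrypted without a customer-managed key")
    return failed

def snapshot_is_public(attributes):
    """True if the snapshot's 'restore' attribute is shared with 'all' accounts."""
    return any(a.get("AttributeName") == "restore" and "all" in a.get("AttributeValues", [])
               for a in attributes)

# Constructed sample data (placeholder account id and key names, not real resources).
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/constructed-customer-key"
AWS_ARN = "arn:aws:kms:us-east-1:111122223333:key/constructed-aws-managed-key"
KEY_MANAGERS = {CMK_ARN: "CUSTOMER", AWS_ARN: "AWS"}
SAMPLE_DBS = [
    {"DBInstanceIdentifier": "orders", "PubliclyAccessible": False,
     "AutoMinorVersionUpgrade": True, "StorageEncrypted": True, "KmsKeyId": CMK_ARN},
    {"DBInstanceIdentifier": "legacy", "PubliclyAccessible": True,
     "AutoMinorVersionUpgrade": False, "StorageEncrypted": True, "KmsKeyId": AWS_ARN},
    {"DBInstanceIdentifier": "scratch", "PubliclyAccessible": False,
     "AutoMinorVersionUpgrade": True, "StorageEncrypted": False},
]
PUBLIC_SNAPSHOT_ATTRS = [{"AttributeName": "restore", "AttributeValues": ["all"]}]
SHARED_SNAPSHOT_ATTRS = [{"AttributeName": "restore", "AttributeValues": ["111122223333"]}]

if __name__ == "__main__":
    for db in SAMPLE_DBS:
        print(db["DBInstanceIdentifier"], audit_rds_instance(db, KEY_MANAGERS))
    print(snapshot_is_public(PUBLIC_SNAPSHOT_ATTRS), snapshot_is_public(SHARED_SNAPSHOT_ATTRS))
```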

AWS Redshift

AWS Redshift is a data warehouse service which provides a cost-efficient and simple way to analyze data trends using existing business tools. Following is the checklist for Redshift security monitoring:

Security Monitoring Checklist

Monitoring of AWS Redshift to ensure that Redshift clusters are encrypted

Monitoring of AWS Redshift to ensure that encrypted Redshift clusters are using KMS CMKs for full control

Monitoring of AWS Redshift to ensure that Redshift clusters are not publicly available

Monitoring of AWS Redshift to ensure that activity logging is enabled

Monitoring of AWS Redshift to ensure that Redshift clusters are launched within VPC

This completes our coverage of other important AWS objects and their respective checklists for security monitoring.